21 Apr 2020 • 10 min read
21 Apr 2020 • 10 min read
Advancing computer technologies such as optical character recognition and artificial intelligence made simple challenge-based captcha systems obsolete. To defend the internet from increasingly sophisticated bot attacks from CAPTCHA hacking, advanced CAPTCHAs were born!
Advanced CAPTCHA is an anti-bot program that distinguishes itself from regular CAPTCHAs by utilizing a risk analysis engine -often based on behavioral analysis- over or within its challenge-response mechanism. This has changed the logic behind CAPTCHAs fundamentally.
While the legacy captcha systems ensured security with the difficulty of the challenge response, advanced captchas focused on behavioral characteristics of the traffic instead, providing higher security with less user friction
First Advanced CAPTCHA appeared in 2012 with GeeTest’s Slide CAPTCHA which used biometric tracking to distinguish non-human behavior within the traffic. This new technology allowed Geetest to quickly gain market dominance within the bot management industry in China, surpassing competitors like the tech giants Tencent and Alibaba. In 2020, GeeTest took up over 60% of the Chinese bot management market.
In 2014, Google implemented behavioral analysis into ReCaptcha v2, effectively turning it into an Advanced CAPTCHA, which led to the wide adoption of the technology internationally.
In 2021, GeeTest launched the 4th generation Adaptive CAPTCHA. It has been enhanced by active and dynamic security strategies to ensure both ease of use and security in every interaction. With 4374 security strategies per cycle and 7-layer dynamic protection, GeeTest Adaptive CAPTCHA increases the cost of cyber attackers by 3.714 times.
Advanced CAPTCHA analyzes the behavioral and environmental factors to find non-human features within online traffic. If the risk analysis engine cannot ensure the user is human or a bot, then the suspicious traffic goes through a challenge-response mechanism.
The risk analysis engine helps to reduce the friction for some users while at the same time, it can detect and block automation or captcha hacking tools directly. When there is not enough evidence to make a precise judgment, the challenge-response comes to collect further evidence.
More sophisticated systems such as GeeTest CAPTCHA will embed behavioral analysis within the challenge-response mechanism to increase its security and reduce the friction of the challenges.
The back-end risk analysis based on behavioral factors within a confined space, as well as environmental factors such as device reputation, hardware specifications, etc., are utilized to tell apart genuine human behavior from automated human behavior. AI-powered bots can mimic human behavior, and AI-powered CAPTCHA is a necessity to stop advanced bot threats.
There are two aspects of advanced CAPTCHA benefit AI technology.
Firstly, CAPTCHA is a great way to feed data into machine learning algorithms, which is crucial for its effectiveness. Industry experts hail machine learning as the most promising solution against automated threats.
Let’s take image recognition as an example. A stop sign is a red octagon with white letters reading “STOP,” and it can be identified by computer programs reasonably easily. However, the stop sign within a picture can look very different depending on the angle of the photo, the lighting, the weather, etc.
If we can feed millions of real-world pictures of stop signs into a machine learning algorithm, it can become very accurate at identifying stop signs within an image. However, marking millions of real-world images that include stop signs to feed the algorithms would require immense amounts of human labor. Or one could put all those images into a 3x3 matrix and ask people to select the ones that include a stop sign. Google has been training its image recognition algorithm through ReCAPTCHA for many years now, and even though the system has been successful at labeling large amounts of images, it has severe flaws as an anti-bot solution due to the high user friction it creates.
The second aspect of CAPTCHA that benefits AI technology is its role within the cybersecurity environment.
CAPTCHA was invented in the cybersecurity field to tell humans and bots apart using hard AI problems such as character or image recognition. Cybersecurity is a cat-and-mouse game between attackers and defenders where both sides try to best each other constantly. When CAPTCHA is deployed as a tool on the side of defenders, the only way for attackers to bypass CAPTCHA is through sophisticated solutions that will give automated computer programs the ability to be more human-like.
Especially today, where advanced CAPTCHA solutions utilize AI in their defenses in one way or another, every time a CAPTCHA solution has been breached, it likely means a computer program is more human-like and AI technology moves a step further.
Advanced CAPTCHA is a business imperative, not an IT imperative.
Although any website with a sensitive login or registration module should use a CAPTCHA, six industries benefit significantly more from an advanced CAPTCHA solution.
Most websites or mobile apps with critical operations such as login, register, form submission, etc., need a CAPTCHA to prevent automated attacks from happening. With the availability and affordability of machine learning and cloud computing tools, today, the bad actors can reach further and hit harder than ever before.
Without a strong deterrence such as an Advanced CAPTCHA solution, bot attacks are only a matter of when. Advanced CAPTCHAs increase the cost of attack exponentially and are a necessity for the protection of most websites, mobile apps, and APIs.
The inability of regular captcha solutions to prevent increasingly sophisticated bot attacks led to the emergence of advanced captchas. Even though security has been the primary drive behind this new industry standard, it also allowed captchas to be significantly more user-friendly.
In the era of user experience, where the conversion rate is one of the most significant KPI, the friction caused by the challenge-response of an Advanced CAPTCHA is an essential factor to consider. Although captchas are a necessity to keep websites, mobile apps, and APIs secure from automated attacks, an advanced CAPTCHA with a high-friction challenge-response can diminish the business imperative behind the bot defense solution.
If you'd like to find an alternative to the legacy captcha or other tools for a more secure and user-friendly online service, experience the GeeTest difference here!
GeeTest
GeeTest
Subscribe to our newsletter